With the development of science and technology, users can obtain various applications from the Internet. Some applications may destroy the user's computer system during execution, causing the files in the computer be damaged or the user's personal information be stolen.
At present, the detection mechanism of malware mainly utilizes the signature-based comparison to determine whether the application is a malicious program and defends against attacks of these malicious programs. However, the detection mechanism of signature-based comparison can only detect the malicious programs based on the known sample features, and need to extract a certain number of features during the execution of the application to have the opportunity to determine whether the application being executed currently is malicious program. In this case, when a malicious program is detected, the malicious program may have damaged the file on the computer or have stolen the user's personal information.
In view of the above, how to establish a behavior inference model which can accurately infer the follow-up program operations in the early execution period of the application to prevent the computer file from being damaged or prevent the user's personal information from being stolen is an urgent needed for the industry.